Skip to content

Fix incorrect default starting year in NVD importer #2085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Adityakk9031 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fix incorrect default starting year in NVD importer #2085

Adityakk9031 wants to merge 1 commit into from
+1 −1

Conversation

@Adityakk9031
Copy link

@Adityakk9031 Adityakk9031 commented Dec 25, 2025

Problem

The function fetch_cve_data_1_1 in vulnerabilities/pipelines/v2_importers/nvd_importer.py uses starting_year=2025 as the default value.
However, NVD JSON CVE feeds are available starting from 2002, not 2025.
Because of this incorrect default, older CVE data (2002–2024) is skipped when the importer runs without explicitly passing a starting year.

Solution

Updated the default value of starting_year from 2025 to 2002 so the importer correctly fetches all available NVD CVE data by default, matching the documented behavior and NVD feed availability.

Changes Made

Changed fetch_cve_data_1_1(starting_year=2025) → fetch_cve_data_1_1(starting_year=2002)

No other logic or behavior was modified.

Issue Link

Fixes: Incorrect starting year #2079
#2079

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Adityakk9031